test0908
/
django
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed #159 -- Prevent the `AdminSite` from logging users out when they try to log in form the logout page. Many thanks, ashchristopher. 

git-svn-id: http://code.djangoproject.com/svn/django/trunk@17465 bcc190cf-cafb-0310-a4f2-bffc1f526a37
This commit is contained in:
Jannis Leidel 2012-02-09 18:56:23 +00:00
parent bd58612514
commit 03eeb020a0
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
django/contrib/admin/sites.py Normal file → Executable file
View File

@ -1,5 +1,5 @@
from functools import update_wrapper from functools import update_wrapper
from django import http from django.http import Http404, HttpResponseRedirect
from django.contrib.admin import ModelAdmin, actions from django.contrib.admin import ModelAdmin, actions
from django.contrib.admin.forms import AdminAuthenticationForm from django.contrib.admin.forms import AdminAuthenticationForm
from django.contrib.auth import REDIRECT_FIELD_NAME from django.contrib.auth import REDIRECT_FIELD_NAME
@ -188,6 +188,10 @@ class AdminSite(object):
""" """
def inner(request, *args, **kwargs): def inner(request, *args, **kwargs):
if not self.has_permission(request): if not self.has_permission(request):
if request.path == reverse('admin:logout',
current_app=self.name):
index_path = reverse('admin:index', current_app=self.name)
return HttpResponseRedirect(index_path)
return self.login(request) return self.login(request)
return view(request, *args, **kwargs) return view(request, *args, **kwargs)
if not cacheable: if not cacheable:
@ -421,7 +425,7 @@ class AdminSite(object):
'models': [model_dict], 'models': [model_dict],
} }
if not app_dict: if not app_dict:
raise http.Http404('The requested admin page does not exist.') raise Http404('The requested admin page does not exist.')
# Sort the models alphabetically within each app. # Sort the models alphabetically within each app.
app_dict['models'].sort(key=lambda x: x['name']) app_dict['models'].sort(key=lambda x: x['name'])
context = { context = {

28
tests/regressiontests/admin_views/tests.py Normal file → Executable file
View File

@ -3385,3 +3385,31 @@ class AdminCustomSaveRelatedTests(TestCase):
self.assertEqual('Josh Stone', Parent.objects.latest('id').name) self.assertEqual('Josh Stone', Parent.objects.latest('id').name)
self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names) self.assertEqual([u'Catherine Stone', u'Paul Stone'], children_names)
class AdminViewLogoutTest(TestCase):
urls = "regressiontests.admin_views.urls"
fixtures = ['admin-views-users.xml']
def setUp(self):
self.client.login(username='super', password='secret')
def tearDown(self):
self.client.logout()
def test_client_logout_url_can_be_used_to_login(self):
response = self.client.get('/test_admin/admin/logout/')
self.assertEqual(response.status_code, 200)
self.assertEqual(response.template_name, 'registration/logged_out.html')
self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/logout/')
# we are now logged out
response = self.client.get('/test_admin/admin/logout/')
self.assertEqual(response.status_code, 302) # we should be redirected to the login page.
# follow the redirect and test results.
response = self.client.get('/test_admin/admin/logout/', follow=True)
self.assertEqual(response.status_code, 200)
self.assertEqual(response.template_name, 'admin/login.html')
self.assertEqual(response.request['PATH_INFO'], '/test_admin/admin/')
self.assertContains(response, '<input type="hidden" name="next" value="/test_admin/admin/" />')